Daily NCSC-FI news followup 2020-12-04


www.epressi.com/tiedotteet/teknologia/kutsu-traficomin-kyberturvallisuuskeskuksen-mediawebinaariin-onko-kodin-alylaite-avoin-ovi-hakkerille.html Internet-connected smart devices can be a channel for information security attacks targeting homes. Product manufacturers and marketers must therefore ensure the security level of their devices. How has the Cybersecurity Label (Tietoturvamerkki), published a year ago by the Finnish Transport and Communications Agency Traficom, been received by companies? How does it help consumers find a secure smart device? Register for our media webinar by Tue 8 Dec at 12:00 at the latest.

JAMK published an open online course that takes you into the middle of a cyberattack, part of a larger cyber exercise

www.jamk.fi/fi/Uutiset/jamk-julkaisi-avoimen-verkkokurssin-joka-vie-keskelle-kyberhyokkaysta–osa-suurempaa-kyberharjoitusta/ Jyväskylä University of Applied Sciences (JAMK) has published a pilot of an open cybersecurity online course that is immediately available to everyone. The course is open until 17 Dec at 15:00. The course is linked to a Europe-wide cybersecurity exercise that JAMK will organize in January 2021.

Cyber-warning for festive shoppers

www.bbc.com/news/technology-55171454 Online shoppers are being warned of the risks of cyber-fraud during the festive season. The National Cyber Security Centre (NCSC) – part of GCHQ – is launching a major campaign called Cyber Aware with its first ever TV ads.

Novel Online Shopping Malware Hides in Social-Media Buttons

threatpost.com/online-shopping-malware-social-media-buttons/161903/ The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.


Leaking Browser URL/Protocol Handlers

www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers Generally speaking when talking about Protocol Handlers we are referring to a mechanism which allows applications to register their own URI scheme. This enables the execution of processes through the use of URI formatted strings. In this post we will discuss what are protocol handlers and disclose two information disclosure vulnerabilities affecting three major browsers (namely – Firefox, Edge and Chrome). Exploiting these vulnerabilities will enable a remote attacker to identify the presence of a vast amount of applications that may be installed on a targeted system.

Metro Vancouver’s transit system hit by Egregor ransomware

www.bleepingcomputer.com/news/security/metro-vancouvers-transit-system-hit-by-egregor-ransomware/ The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink with the cyberattack causing disruptions in services and payment systems.

Alert Regarding Vulnerability (CVE-2020-17527) in Apache Tomcat

www.jpcert.or.jp/english/at/2020/at200045.html On December 3, 2020 (Local Time), Apache Software Foundation has released information regarding a vulnerability (CVE-2020-17527) in Apache Tomcat. According to the information, Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. It is possible that this could lead to the leakage between requests, while this would most likely lead to an error and the closure of the HTTP/2 connection.

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain

securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.

Cybersecurity Trends 2021: Staying secure in uncertain times

www.welivesecurity.com/2020/12/03/cybersecurity-trends-2021-staying-secure-uncertain-times/ ESET experts look back at some of the key themes that defined the cybersecurity landscape in the year that’s ending and give their takes on what to expect in 2021.


BlackShadow hackers extort Israeli insurance company for $1 million

www.bleepingcomputer.com/news/security/blackshadow-hackers-extort-israeli-insurance-company-for-1-million/ On Monday, a cybercrime group calling themselves ‘BlackShadow’ tweeted that they hacked into the Israeli Shirbit insurance company and stole files during the attack.

How Organizations Can Prevent Users from Using Breached Passwords

thehackernews.com/2020/12/how-organizations-can-prevent-users.html No matter how extensive your security solutions are, protecting the various systems in your environment, your organization may likely be an easy target without proper password security. An especially vulnerable type of password is a breached password, a.k.a “pwned” password.


Finland is receiving strange +212 calls: we picked up the phone and called back

www.is.fi/digitoday/tietoturva/art-2000007660321.html Scam calls are constantly being made to Finland. A large share of them are tech support scams made in Microsoft's name, in which the caller claims that the victim's computer has malware and needs to be cleaned. The caller's aim is to get at the victim's money. The other type of scam is wangiri, or missed-call scams, which rely on an expensive call back.

The chronicles of Emotet

securelist.com/the-chronicles-of-emotet/99660/ More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses. The malware is still in fine fettle, and remains one of the most potent cybersecurity threats out there. The Trojan is distributed through spam, which it sends itself, and can spread over local networks and download other malware.

Tibet and Taiwan Targeted in Spearphishing Campaigns Using MESSAGEMANIFOLD Malware

www.recordedfuture.com/messagemanifold-malware-spearphishing-campaigns/ In October 2020, during an investigation of a spearphishing campaign targeting the Tibetan community, Recorded Future’s Insikt Group discovered links to an unknown threat activity group previously engaged in activity targeting Taiwanese legislators in May of 2020. Insikt Group identified multiple overlaps between the two campaigns, including the use of the same hosting provider, similar email themes, and the use of Google Drive links to download the same malware variant. In both campaigns, the group used an unreported malware variant which Insikt Group calls MESSAGEMANIFOLD.

How Cloudflare Became The Most Important Internet Company Nobody Has Heard Of

www.forbes.com/sites/johndunn/2020/12/04/how-cloudflare-became-the-most-important-internet-company-nobody-has-heard-of/ In a perfect world, big networks that hold up important parts of the Internet would never be brought down by single points of failure (SPOFs) but unfortunately there is no such thing as a perfect world.

Kmart nationwide retailer suffers a ransomware attack

www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/ US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.

FBI: You may be a money mule and not even know it

www.bleepingcomputer.com/news/security/fbi-you-may-be-a-money-mule-and-not-even-know-it/ The FBI has warned of an increasing number of scammers preying on unemployed Americans by trying to recruit them into their money mule schemes and use them to launder funds obtained via fraud, online scams, and other types of criminal activities.
